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DETAILED ACTION 

1 . This action is responsive to the amendment filed on December 13, 2004. In it, claims 7 
and 17-20 have been cancelled. Claims 1-6 and 8-16 remain pending and are again presented for 
examination. A formal action on the merits of claims 1-6 and 8-16 follows. 



Response to Arguments 
2. Applicant's arguments with respect to claims 1 and 16 have been considered but are moot 
in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103 
3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



4. Claims 1-3, 5-6, 8-11, 14 and 16 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Aziz et al. (U.S. 6,597,956) in view of Salkewicz (U.S. 6,609,153). 



Regarding claim 1, Aziz teaches a system comprising: 



Application/Control Number: 09/84 1,710 Page 3 

Art Unit: 2143 

A connection to a virtual private network [Aziz — Col. 5 lines 6-22 - Virtual Server 
Farm (VSF) is connected back to Intranet via a Virtual Private Network (VPN)]; 
At least one server [Aziz Figures 1C and 2, Col, 2 lines 35-41 and Col. 6 lines 33-35 
- Computing gird contains a large number of CPU's, i.e. application servers or web 
servers]; 

A virtual LAN switch, said virtual LAN switch providing selectable forwarding for 
information to said at least one server [Aziz -- Figure 2 and Col. 6 lines 47-58 - VLAN switch 
allows forwarding of information between a number of CPU's, i.e. servers]; 

At least one volume [Aziz — Figures 1C and 2, Col. 2 lines 35-41 and Col. 6 lines 40- 
46 - Computing grid contains a number of disks, i.e. storage volumes]; 

An FC switch, wherein said FC switch provides selectable interconnection between said 
at least one server and said at least one volume [Aziz — Figure 2 and Col. 6 lines 58-61 - 
Servers and disks are interconnected by using a switch, which can be a Fibre Channel (FC) 
switch], so that information received from a plurality of sources via said virtual private network 
is directed to a particular server for each of said sources by said virtual LAN switch, and wherein 
said information is then directed to a particular volume for each of said sources by said FC 
switch [Aziz Figure 2 and Col. 6 lines 21-61 - Information is routed through VPN which 
is then directed to a plurality of servers, i.e. CPU's, via a VLAN switch which then directs 
storage to a plurality of disks, i.e. volumes, via an FC switch]. 

at least two subsystem management systems for controlling configuration of at least two 
of the router, the virtual LAN switch and the FC switch [Aziz ~ Figures 2, 9, 13-14, Col. 6 lines 
40-50 and Col. 14 lines 8-15 and lines 29-35 - Two subsystem management systems include 
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slave segment managers and farm managers, both subsystems under the master manager, 
which control one or more, i.e. two, VLAN's and FC switches]; 

an integrated service management system communicatively coupled to the at least two 
subsystem management systems and for controlling configuration of the at least two subsystem 
management systems [Aziz -- Figure 9, Col. 14 lines 9-14, lines 21-25, lines 29-35 and lines 
57-61 - Master segment manager of control plane, i.e. integrated service management 
system, manages computing, networking and storage elements of grid by instructing slave 
segment managers, i.e. subscriber (router) management system, to modify appropriate 
resources and controls]; and 

a customer portal application communicatively coupled to the integrated service 
management system and enabling a customer to issue configuration requests to the integrated 
service management system [Aziz — Figure 9, Col. 10 lines 34-39, Col. 14 lines 29-42 and 
lines 59-62, Col. 23 lines 16-48 and Col. 24 lines 35-44 - Customers can enters provisioning 
information, i.e. change configuration, to master segment manager via a webpage console, 
i.e. customer portal, which communicates with master segment manager to provision 
system based upon customers guidelines]. 

Aziz fails to explicitly teach a router connected to a virtual private network, wherein said router 
maintains at least one virtual router for a client. 

However, routers are common to all networks in operation especially when connecting multiple 
WAN's, thus it is obvious that Aziz requires the use of a router although one is not shown. 
Salkewicz, however, discloses a domain isolation system through the use of private virtual 
networks (VPNs) which employ a networking device, i.e. router, containing numerous virtual 
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network machine routers (VNMRs) for routing the varying clients, i.e. subscribers [Salkewicz -- 
Figures IB, 18 and 21, Col. 11 lines 20-45 and Col. 14 lines 44-67 - Col. 15 lines 1-12]. 

Both Aziz and Salkewicz are concerned with protecting and routing subscribers to various 
services/resources through a VPN connected to the Internet. 

Thus, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to incorporate the router containing a number of virtual routers (VRs) for clients, as taught 
by Salkewicz into the invention of Aziz, in order to provide access to secure private networks, 
i.e. corporations, etc., over the public Internet in addition to allowing users to have improved 
ability to change network domains [Salkewicz — Col, 9 lines 39-41). 

Regarding claim 2, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 1 above, including further including a VPN management system that 
controls operation of said router [Salkewicz -- Col. 4 lines 21-40, Col. 12 lines 4-11 and Col. 15 
lines 9-54 - Databases associated with router controls access to resources and networks. 
Subscriber management system runs software to control the operation of the routing based 
upon the control information in the databases. This information is dynamic and can be 
changed by administrative control]. 

Aziz teaches a hierarchical control process containing a master segment manager and slave 
segment managers to control and manage the various computing, networking and storage 
elements in the computing grid [Aziz -- Col. 14 lines 9-14 and lines 21-25]. 
It would have been obvious to one of ordinary skill in the art at the time the invention was made 
to incorporate the management system to control operation of the router and all its virtual 
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network machine routers, as taught by Salkewicz into the invention of Aziz as one of the slave 
segment managers, in order to provide dynamic, rather than static, bindings [Salkewicz — Col. 
15 line 54] in addition to providing simplified and reduced cost administration of networks 
[Salkewicz -- Col. 12 lines 12-14]. 

Regarding claim 3, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 2 above further comprising: a network interface module that receives 
commands [Aziz - Figure 9 and Col. 14 lines 59-62 - Slave segment managers, one of which 
is the subscriber management system of Salkewicz, receives instructions] from an integrated 
service management system [Aziz Figure 9, Col, 14 lines 9-14, lines 21-25, lines 29-35 and 
lines 57-61 - Master segment manager of control plane, i.e. integrated service management 
system, manages computing, networking and storage elements of grid by instructing slave 
segment managers, i.e. subscriber (router) management system, to modify appropriate 
resources and controls], a service order processing module that analyzes and executes the 
commands [Aziz — Col. 23 lines 38-39 - Instructions are parsed and evaluated, and if 
appropriate, are queued for execution], updates a table of virtual private network information 
[Salkewicz -- Col. 3 lines 39-50, Col. 4 lines 21-40 and Col. 15 lines 9-12 and line 54 - 
Virtual network machine databases contain information to control operation of network 
devices, i.e. routers. Thus, because bindings and database information is dynamic, each 
change in configuration would require that the databases be updated to reflect the new 
changes], and sends new configuration information to said router through a control module 
[Aziz -- Col. 8 lines 35-38 and Col. 10 lines 31-50 - Management interface provides 
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instruction to control plane, i.e. control module, which sends configuration information to 
devices, i.e. routers, switches, servers, disks, etc]. 

Regarding claim 5, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 1 above, further including a server management system that controls 
operation of said virtual LAN switch [Aziz - Col. 10 lines 37-60, Col. 14 lines 9-14 and lines 
21-25 -- Aziz teaches a hierarchical control process containing a master segment manager 
and slave segment managers to control and manage the various computing, networking, i.e. 
controlling and configuring VLAN ports, and storage elements in the computing grid]. 

Regarding claim 6, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 1 above, further including a storage management system that controls 
operation of said FC switch [Aziz -- Col. 10 lines 37-62, Col. 14 lines 9-14 and lines 21-25 -- 
Aziz teaches a hierarchical control process containing a master segment manager and slave 
segment managers to control and manage the various computing, networking, and storage 
elements, i.e. controlling and configuring SAN FC switch, in the computing grid]. 

Regarding claim 8, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 1 above, including wherein said integrated service management system 
further comprises: a network interface module that receives requests to change configuration 
[Aziz -- Figure 9, CoL 10 lines 34-39, Col. 14 lines 59-62 and Col. 23 lines 16-39 - 
Organizational owner users, i.e. administrators, enters provisioning information, i.e. 
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change configuration, to master segment manager], a service order processing module that 
analyzes and executes requests to change configuration received by said network interface 
module [Aziz -- Col. 23 lines 38-39 - Instructions are parsed and evaluated, and if 
appropriate, are queued for execution], updates related tables in service management database 
[Salkewicz Col. 3 lines 39-50, Col. 4 lines 21-40 and Col. 15 lines 13-54 - Network 
databases are used for storing access and configuration information for devices, which 
obviously need to be updated as configurations change], and sends new configuration 
information using said network interface module [Aziz -- Col. 8 lines 35-38 and Col. 10 lines 
31-50 - Management interface provides instruction to control plane, i.e. control module, 
which sends configuration information to devices, i.e. routers, switches, servers, disks, etc]. 

Regarding claim 9, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 8 above, further comprising an operator console application that sends a 
request command to change service configuration to said integrated service management system, 
i.e. master segment manager [Aziz -- Figure 9, Col. 10 lines 34-39, Col. 14 lines 59-62 and 
Col. 23 lines 16-39 - Organizational owner users, i.e. administrators, enters provisioning 
information, i.e. change configuration, to master segment manager via either an 
application or web page GUI]. 

Regarding claim 10, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 8 above, further comprising a customer portal application that sends a 
request command to change service configuration to said integrated service management system, 
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i.e. master segment manager [Aziz Figure 9, Col. 10 lines 34-39, Col. 14 lines 59-62 and 
Col. 23 lines 16-39 - Customers can enters provisioning information, i.e. change 
configuration, to master segment manager via a webpage console]. 

Regarding claim 11, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 8 above, including storing destination information for services in a table 
[Salkewicz -- Col. 3 lines 39-50, Col. 4 lines 21-40 and Col. 15 lines 1-54 - Network 
databases store information for allowing subscribers to gain access to various network 
resources, i.e. servers, etc. Thus, it is obvious that destination information, i.e. IP 
addresses, of those servers would obviously be stored in database, i.e. table]. 

Regarding claim 14, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 8 above, including a service table having a customer ID mapping access 
to a particular VPN ED, server ID and volume/disk ID. 

Aziz-Salkewicz teach that a subscriber ED, i.e. subscriber #1, subscriber #2, etc., are mapped to a 
given virtual network machine router which then provides them access to allowed resources, i.e. 
an ISP, corporate LAN, etc. . . [Salkewicz -- Figure 21 and Col. 14 lines 44-67 - Col. 15 lines 
1-8]. 

In addition, this data is stored in a database, i.e. table, which is on the network device containing 
the virtual network machine routers [Salkewicz -- Figure 20 and Col. 15 lines 13-33]. 
While Aziz-Salkewicz do not explicitly teach mapping a VPN ID and a volume/disk ID to a 
given customer ED, it would have been obvious to a person of ordinary skill in the art to 
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incorporate any number of devices/resources, such as VPN's, volumes/disks, etc, into a service 
table for correlating these devices to a given customer to show which VPN ID and disk/volume 
ID a given customer is assigned, just as the server was mapped. 

Regarding claim 16, Aziz teaches the invention substantially as claimed, a method for 
managing storage, comprising: 

receiving a first and second request in an integrated service management system from a 
customer to change a configuration of a first and second service subsystem in an integrated 
storage and networking system, the second service subsystem being different than the first 
service subsystem [Aziz - Figures 2, 9, 13-14, Col. 6 lines 40-50, Col. 14 lines 8-15, lines 21- 
25, lines 29-35 and lines 57-61, Col. 23 lines 26-38 - Users or customers input provisioning 
information requests, i.e. multiple, for changing or customizing a configuration of the 
system into a customer portal which relays the information to a master segment manager 
of control plane, i.e. integrated service management system. This information changes 
configuration of service subsystems of storage and networking systems, such as VLAN 
information, FC switches, CPU's, SAN's, etc.]; 

analyzing said first and second requests to determine a first and second new configuration 
of said first and second service subsystems [Aziz -- Col. 23 lines 38-39 - Information inputted 
is parsed and evaluated, i.e. analyzed, to determine appropriateness of change information 
from above requests]; and 

sending first and second new configuration information to the first and second subsystem 
managers for controlling configuration of the first and second service subsystems [Aziz Col. 8 
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lines 35-38, Col. 10 lines 31-50 and Col. 14 lines 57-62 - Master segment manager provides 
information to slave/farm segment managers, i.e. first and second subsystem managers, 
which sends instructions over the control plane, i.e. control module, thereby sending 
configuration information to devices, i.e. routers, switches, servers, disks, etc]. 

Aziz fails to explicitly teach updating first and second, i.e. multiple, configuration tables to 
reflect new changes to the various service subsystems. 

However, Aziz does teach executing the instructions [Aziz — Col. 23 lines 38-39] and changing 
configurations of the SAN switch controlling the disks, i.e. storage [Aziz — CoL 10 lines 60-62]. 
Salkewicz, however, teaches the use of network databases, i .e. plural, for storing access and 
configuration information for devices, i.e. plural, therefore first and second, etc. [Salkewicz — 
Col. 3 lines 39-50, Col. 4 lines 21-40 and Col. 15 lines 13-54]. 

Thus, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to incorporate the configuration databases for network devices, as taught by Salkewicz into 
the invention of Aziz, in order to provide a common and widely used data structure for holding 
configuration info for network storage control devices, i.e. SAN switch. 



5. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Aziz et al. (U.S. 
6,597,956) and Salkewicz (U.S. 6,609,153), as applied to claim 2 above, in view of Akahane et 
al. (U.S. 2001/0050914) and Poisson et al. (U.S. 6,765,591). 
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Regarding claim 4, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 2 above, including a database containing records for controlling access 
to various services based upon identification information, which is used by the virtual network 
machine router [Salkewicz Col. 15 lines 9-54], 

Aziz-Salkewicz fail to teach a VPN table having the fields of VPN ID, IP address of the 
endpoints, protocol used, a flag to indicate whether access to public Internet is permitted and a 
VLAN ID. 

Akahane, however, discloses a VPN table used on an edge router containing information 
specifying VPN ED, protocol, VLAN and destination IP [Akahane — Figures 6 and 8, page 5 
paragraph [0059], page 5-6 paragraphs [0066-0068] and paragraph [0074]]. 
Furthermore, Poisson teaches a system for managing a VPN in which configuration information 
specified for a router includes an indication whether access to public Internet is permitted 
[Poisson -- Figure 18 and Col. 7 lines 26-35 - Security configurations are displayed showing 
the settings for what communication types, i.e. HTTP or Internet, are allowed or enabled 
based upon an entry to a table reflecting a flag/bit set]. 

Salkewicz teaches that layer 2 and 3 addressing is used in the database for controlling access to 
the virtual network machine router. 

Therefore, it would have been obvious to a person of ordinary skill in the art to include the 
source IP address of one endpoint into the VPN table in order to determine the access levels and 
resources a certain subscriber has access to from a given endpoint. 

It would have been obvious to one of ordinary skill in the art at the time the invention was made 
to incorporate the VPN table containing VPN ID, protocol, VLAN and destination IP, as taught 



Application/Control Number: 09/841 ,710 Page 1 3 

Art Unit: 2143 

by Akahane along with the public Internet permission configuration information, as taught by 
Poisson into the invention of Aziz-Salkewicz, in order to provide a well known data structure to 
control access and regulate the resources that subscribers have access to. 



6. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Aziz et al. (U.S. 
6,597,956) and Salkewicz (U.S. 6,609,153), as applied to claim 8 above, in view of Kim et al. 
(US 2002/0069272). 

Regarding claim 12, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 8 above, but fail to explicitly teach a server table having a server ID, an 
address, a VLAN identification, an application identification, an operating system identification 
and CPU information. 

Kim, however, discloses a system for managing server configurations having a server table 
outlining such information as server ID, an address, i.e. IP, an operating system ED and a CPU 
information [Kim - Page 1 paragraph [0011] and page 5 paragraphs [0051-0053] and 
paragraph [0055]]. 

Aziz discloses a virtual server farm (VSF) system which consists of multiple VLAN having ID's 
such as VLAN1 and VLAN2 along with multiple types of CPU servers, including web servers, 
application servers and database servers [Aziz -- Col. 2 lines 35-41 and Col. 7 lines 9-17]. 
While Kim fails to explicitly teach fields in the table for VLAN ID and application ED, it would 
have been obvious to a person of ordinary skill in the art to incorporate such fields as VLAN ID 
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and application ID, i.e. web server, application server or database server, in order to further 
improve the speed and efficiency of matching server configurations by providing more specific 
information regarding each server type. 

It would have been obvious to a person of ordinary skill in the art at the time the invention was 
made to incorporate the server configuration table, as taught by Kim into the invention of Aziz- 
Salkewicz, in order to provide a well-know and widely used data structure for storing 
information about server configuration which would allow one to ascertain resources of servers 
for proper allocation and deallocation of resources as necessary and desired. 



7. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Aziz et al. (U.S. 
6,597,956) and Salkewicz (U.S. 6,609,153), as applied to claim 8 above, in view of Blumenau et 
al. (U.S. 6,295,575). 

Regarding claim 13, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 8 above, but fails to explicitly teach a storage table having a volume ID, 
a port ED, a server ID, a capacity ID and access information. 

Blumenau, however, discloses a system for configuring a data storage unit consisting of a table 
having information of volume ID, port information, host, i.e. server, ID and access flag 
information [Blumenau — Figures 5 and 8 and Col, 11 lines 51-67 - Col. 12 lines 1-13]. 
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While Blumenau fails to explicitly teach a field for capacity, it is well known and obvious that a 
major property of a disk or volume is capacity and therefore, it would have been obvious to a 
person of ordinary skill in the art to incorporate such a capacity field, in order to allow a user to 
easily ascertain the size or capacity of a disk/volume. 

It would have been obvious to a person of ordinary skill in the art at the time the invention was 
made to incorporate the storage table containing volume ID, port information, host ID, access 
information and capacity information, as taught by Blumenau into the invention of Aziz- 
Salkewicz, in order to provide a well known data structure for holding configuration information 
associated with the disks. 



8. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Aziz et al. (U.S. 
6,597,956) and Salkewicz (U.S. 6,609,153), as applied to claim 8 above, in view of Yamamoto 
(US 2003/0097370). 

Regarding claim 15, Aziz-Salkewicz teach the invention substantially as claimed, as 
aforementioned in claim 8 above, including a table having a customer ID and mappings to 
various services the subscriber has access to [Salkewicz — Col. 3 lines 39-50, Col. 4 lines 21-40 
and Col. 15 lines 13-54]. 

Aziz-Salkewicz, however, fail to teach having the status of a server or other resource. 
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Yamamoto, however, discloses a status mapping table which correlates a server ID along with 
failure and active status information [Yamamoto — Figure 2-4 and page 4 paragraphs [0090- 
0094]]. 

While Yamamoto does not explicitly teach storing the status of a VPN and a volume/disk, it 
would have been obvious to a person of ordinary skill in the art to incorporate any number of 
devices/resources, such as VPN's, volumes/disks, etc, into a status table for storing the status of 
these and other devices, just as the status of a server can be stored. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to incorporate the status information of servers, as taught by Yamamoto into 
the invention of Aziz-Salkewicz, in order to provide a common and widely used data structure 
for holding status information of resources a particular customer has access to which can be used 
to determine availability of a device or resource. 



Conclusion 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
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will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas J. Mauro Jr. whose telephone number is 571-272-3917. 
The examiner can normally be reached on M-F 8:00a.m. - 4:30p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on 571-272-3923. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




TJM 

March 1,2005 




